Age | Commit message | Author | |
---|---|---|---|
1999-06-07 | return an ICMP_UNREACH_PROTOCOL for protocols we do not support; discussion with cmetz | Theo de Raadt | |
1999-06-07 | Fix use of uninitialized TDB hash table in tdb_delete(), introduced along with the dynamically-resized TDB table (report and fix suggestion by henric@ncal.verio.com) | Angelos D. Keromytis | |
1999-06-06 | Ident. | Angelos D. Keromytis | |
1999-06-06 | avoid a future problem inside an #ifdef notyet | Theo de Raadt | |
1999-06-04 | forgot to zero sunion | Niels Provos | |
1999-05-24 | instead of dropping out of window SYNs, send an ACK and drop afterwards. fixes a problem with NFS over TCP reported by Jason Thorpe, fix from klm@netbsd.org | Niels Provos | |
1999-05-23 | SA hash table resizing | Niklas Hallqvist | |
1999-05-20 | Fix a bug where the ordered expiration list could get out of order. Add invariant checking of the lists when DIAGNOSTIC compiled. Extend the critical region to cover all of tdb_expiration so the tdb won't disappear behind our back. | Niklas Hallqvist | |
1999-05-16 | Don't judge locally generated tunnel packets as spoof attempts. indent. | Niklas Hallqvist | |
1999-05-16 | spltdb introduced, protection for tdb lists and related structures, so they won't disappear behind our back by an expiration. Cleanup expiration logic too. | Niklas Hallqvist | |
1999-05-16 | Add support for static ARP entries that cannot be overwritten. Ordinary static ARPs that are overwritten will no longer still be static. | Hakan Olsson | |
1999-05-14 | A new scalable IPsec SA expiration model. | Niklas Hallqvist | |
1999-05-12 | Obvious pasto | Niklas Hallqvist | |
1999-05-12 | Follow local indentation style. | Hakan Olsson | |
1999-05-12 | Fix problem with data corruption for retransmitted TCP packets in an IPSec ESP tunnel. OpenBSD PR 819. | Hakan Olsson | |
1999-05-11 | Remove cruft that wasted space en masse in the IPsec subsystem | Niklas Hallqvist | |
1999-04-28 | zap the newhashinit hack. Add an extra flag to hashinit telling if it should wait in malloc. update all calls to hashinit. | Artur Grabowski | |
1999-04-23 | don't accept packets with the destination address of a down interface; proff@netbsd.org. | Niels Provos | |
1999-04-22 | Heh, this was definitely not tested. cpp syntax errors. | Niklas Hallqvist | |
1999-04-21 | From Tom Henderson <tomh@cs.berkeley.edu>: Fixed a sequence wraparound bug in the snd_recover variable discovered in very large (multiple GByte) transfers (in loss free conditions, snd_recover was not sufficiently tracking snd_una). Thanks to Mark Smith for finding this. Fixed a bug in tcp_newreno that was preventing retransmission of data due to partial acks. (Discovered by Jayanth Vijayaraghavan) | Niels Provos | |
1999-04-20 | messup, learn to test *all* variants of compile options when altering the logic round such. | Niklas Hallqvist | |
1999-04-20 | use open() with O_EXCL.. but also move to /var/run to avoid the 2nd-level /tmp race which darren obviously does not think important | Theo de Raadt | |
1999-04-20 | Merge MROUTING and IPSEC wrt handling of IP-in-IP tunnelled packets. Fix a panic case in the MROUTING code too. Drop M_TUNNEL support, nothing ever uses it. | Niklas Hallqvist | |
1999-04-16 | fix ipf return-rst panic bug; beck | Theo de Raadt | |
1999-04-12 | move encdebug to a useful place | Theo de Raadt | |
1999-04-11 | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | Niklas Hallqvist | |
1999-04-09 | The kernel parts of a sysctl that can switch on/off IP-in-IP (protocol 4) support, when IPSEC is compiled in. The default is disabled. Turn on with: sysctl -w net.inet.ip4.allow=1 ***Only*** do this if you are really knowing what you do! This control does not control the tunnel modes of ESP and AH. | Niklas Hallqvist | |
1999-04-09 | Make the tdbi handling more robust, removes a panic case | Niklas Hallqvist | |
1999-04-09 | Check for local address spoofing on encapsulated packets. | Angelos D. Keromytis | |
1999-04-04 | fix tunnelling; provos | Theo de Raadt | |
1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | Niels Provos | |
1999-03-24 | Implement lifetime expiration notifications. Fix some typos. Remove statics. | Niklas Hallqvist | |
1999-03-24 | Reworked udp_output() to minimize the number of if() statements needed to get packets out. Also had the nice side effect of fewer blocks now move around by ifdefs, which makes it more readable. | cmetz | |
1999-03-24 | Removed inclusion of netinet6/in6.h. This was an artifact of when the core IPv6 symbols were there rather than in netinet/in.h, and now not only is unnecessary but also could create problems (see PR library/781). | cmetz | |
1999-03-24 | Removed old NRL convention in6a_words virtual-field from struct in6_addr. Let's not encourage the use of an obsolete convention. | cmetz | |
1999-03-24 | Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size) | cmetz | |
1999-03-13 | indent | Theo de Raadt | |
1999-03-06 | Update IP pointer, when doing multiple transforms. | Angelos D. Keromytis | |
1999-03-04 | be more careful with freeing TDBs | Theo de Raadt | |
1999-03-04 | more paranoid maintenance | Theo de Raadt | |
1999-02-25 | Prettier reporting, report number of flows in use per SA. | Angelos D. Keromytis | |
1999-02-25 | Skipjack key bzero'ing case. | Angelos D. Keromytis | |
1999-02-25 | Print more information in /kern/ipsec | Angelos D. Keromytis | |
1999-02-25 | Bzero key information before free'ing it, just for paranoia's sake. | Angelos D. Keromytis | |
1999-02-25 | Use M_XDATA for the key schedule, instead of M_TEMP. | Angelos D. Keromytis | |
1999-02-25 | Clear the DF bit, so packets don't get dropped inside a tunnel. The real solution is probably to keep soft state; however, it's not entirely clear what a tunnel's properties with regards to fragmentation are (it may be considered an infinitely-large MTU pipe). | Angelos D. Keromytis | |
1999-02-25 | Be a bit more paranoid before free'ing memory. | Angelos D. Keromytis | |
1999-02-25 | Move union sockaddr_union to ip_ipsp.h | Angelos D. Keromytis | |
1999-02-24 | Update copyright; remove a few annoying debugging printfs. Btw, OpenBSD hit 25000 commits a couple commits ago. | Angelos D. Keromytis | |
1999-02-24 | add skipjack support back | Theo de Raadt | |